Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Fragmentation is the process of splitting the packet into fragments. This technique is
usually adopted when IDS and Host device is configured with different timeouts. For
example, if an IDS is configured with 10 Seconds of timeout whereas host is configured
with 20 seconds of a timeout. Sending packets with 15sec delay will bypass reassembly
at IDS and reassemble at the host.
Similarly, overlapping fragments are sent. In Overlapping fragmentation, a packet with
the TCP sequence number configured is overlapping. Reassembly of these overlapping,
fragmented packets is based on how an operating system configured to do. Host OS
may use original fragmentation whereas IOS devices may use subsequent fragment
using offset.
Obfuscating
Obfuscation is the encryption of payload of a packet destined to a target in a manner
that target host can reverse it but the IDS could not. It will exploit the end user
without alerting the IDS using different techniques such as encoding, encryption,
polymorphism. Encrypted protocols are not inspected by the IDS unless IDS is
configured with the private key used by the server to encrypt the packets. Similarly, an
attacker may use polymorphic shellcode to create unique patterns to evade IDS.
Session Splicing
Session Splicing is a technique in which attacker splits the traffic into a large number
of the smaller packet in a way that not even a single packet triggers the alert. This can
also be done by a slightly different technique such as adding a delay between packets.
This technique is effective for those IDS which do not reassemble the sequence to
check against intrusion.
Mind Map